
CryptON Ransomware Support & Help Topic (<id-number>_x3m, _locked, _r9oj)


424 replies to this topic

#421 quietman7


Posted 18 November 2017 - 01:02 PM

There are "good" hackers on the side of law enforcement and various government/private agencies. However, if it were that easy to crack ransomware encryption, track down and arrest cyber-criminals, seize their servers, etc...the malware developers would move on to something else.
Microsoft MVP Consumer Security 2007-2015
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#422 rstockham23


Posted 01 December 2017 - 09:03 AM

Our organization was hit hard recently with the Cry36 Ransomware.  I know there is no way to decrypt this at the moment, but I may have some files to help those out there that work on decryption tools.  After scouring event logs and files for hours, I came across some of the files they used to hack and left behind.  Hopefully these will be useful to someone.  Let me know if you need any more information.  I was able to recognize where they had logged in from a remote desktop connection, attempted to use this software, but antimalware software shut them down, then they connected to other machines on the network until they got it to work. Here's the link to the .zip file with the files:  https://drive.google.com/file/d/18CFi8U5KhY9UxrKMw-GOWPgz3BAVkuuf/view?usp=sharing



#423 rstockham23


Posted 05 December 2017 - 10:03 AM

Has anyone successfully paid the ransom and received a working unlocker/key, etc. for Cry36? If so, would you be willing to share your unlock software and key for reverse engineering purposes?



#424 Emmanuel_ADC-Soft


Posted 05 December 2017 - 12:18 PM

Hello,

You should use a service other than Google Drive, as there is an error with Google Drive: "Sorry, this file is infected by a virus, only the owner is allowed to download infected files."

Kind regards, Emmanuel



#425 akdrsdy


Posted 10 December 2017 - 06:45 AM

Hi, I got an unlocker that paid. Our files were encrypted as "id_xxx_[xxx@xxx.com].nemesis". As friends said, it's showing "error extention file". I want to solve this problem, but I don't know where to start. Can someone help me with a starting point for reverse engineering?





